Title: Junior Security Engineer
Location: Open, United States
Travel: Up to 25%
We are seeking a dynamic professional with 1-4 years of technical experience with a desire to grow in cybersecurity experience by performing and/or participating in DoD and/or NIST-based system security assessments, privacy assessments, continuous monitoring activities, and/or other Assessment and Authorization (A&A) activities.
Duties and Responsibilities:
Skills and Qualifications:
- Develop, assess, and analyze cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards.
- Perform system/network vulnerability scanning and analysis using both automated tools and manual techniques.
- Assist with technical assessments using standard industry tools such as Nessus, DB Protect, WebInspect, ACAS (for DoD), and others.
- Identify and apply vulnerability remediations, fix procedures, and when necessary mitigation techniques.
- Assist with the identification and mitigation of cyber security risks through formal assessment activities.
- Develop detailed reports based on testing and data analysis.
- Participate in compliance related discussions (this includes basic understanding of applicable compliance frameworks, architectures, and security control requirements (technical and non-technical).
- Attend and participate in regular project meetings; Communicate and distill information from technical resources during formal and informal meetings.
- Able to work remotely and travel at least 25% as required for various client engagements.
- 1-4 years of experience in security related implementation, operation, and/or management of IT security solutions, knowledge of the principles, methods, and techniques used in security, application, and/or network engineering.
- Exposure to testing tools such as Nessus/ACAS, SCC, DISA STIGs / STIG Viewer, Wire Shark, Flying Squirrel, etc.
- Exposure to Software Development Lifecycle (SDLC) and related terminology as it relates to Information Security/Information Assurance.
- Self-motivated and able to work in an independent manner or as part of a client delivery team.
- Able to write about and discuss technical security issues in a clear, concise manner.
- Exceptional organizational, planning, and attention to detail skills.
- Able to work in a fast-paced, deadline-driven, remote environment.
- Able to travel at least 25% as required for various client engagements.
- Strong technical background.
- Experience working in a service desk environment and supporting customer infrastructure.
- Coding/Programming experience with one or more of the following tools: Python, Perl, Shell, Bash, Batch, etc.
- Testing tool experience such as: Nmap, Nessus, WebInspect, DBProtect, Metasploit, etc.
- Experience and technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.
- Bachelor’s degree in IT related field or equivalent technical certifications.
- The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications, Security+, Network+, CAP, SANS security certifications, etc.